Asp.net web api 未为飞行前CORS请求调用WebApi DelegatingHandler
我正在尝试为我的WebApi控制器实现CORS支持,下面就是一个例子 我的处理程序如下所示:Asp.net web api 未为飞行前CORS请求调用WebApi DelegatingHandler,asp.net-web-api,cors,Asp.net Web Api,Cors,我正在尝试为我的WebApi控制器实现CORS支持,下面就是一个例子 我的处理程序如下所示: /// <summary> /// Taken from http://blogs.msdn.com/b/carlosfigueira/archive/2012/02/20/implementing-cors-support-in-asp-net-web-apis.aspx /// </summary> public class CorsHandler : DelegatingH
/// <summary>
/// Taken from http://blogs.msdn.com/b/carlosfigueira/archive/2012/02/20/implementing-cors-support-in-asp-net-web-apis.aspx
/// </summary>
public class CorsHandler : DelegatingHandler
{
private const string Origin = "Origin";
private const string AccessControlRequestMethod = "Access-Control-Request-Method";
private const string AccessControlRequestHeaders = "Access-Control-Request-Headers";
private const string AccessControlAllowOrigin = "Access-Control-Allow-Origin";
private const string AccessControlAllowMethods = "Access-Control-Allow-Methods";
private const string AccessControlAllowHeaders = "Access-Control-Allow-Headers";
private const string AccessControlAllowCredentials = "Access-Control-Allow-Credentials";
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
var isCorsRequest = request.Headers.Contains(Origin);
var isPreflightRequest = request.Method == HttpMethod.Options;
if (isCorsRequest)
{
if (isPreflightRequest)
{
var response = new HttpResponseMessage(HttpStatusCode.OK);
response.Headers.Add(AccessControlAllowOrigin, request.Headers.GetValues(Origin).First());
var accessControlRequestMethod = request.Headers.GetValues(AccessControlRequestMethod).FirstOrDefault();
if (accessControlRequestMethod != null)
{
response.Headers.Add(AccessControlAllowMethods, accessControlRequestMethod);
}
var requestedHeaders = string.Join(", ", request.Headers.GetValues(AccessControlRequestHeaders));
if (!string.IsNullOrEmpty(requestedHeaders))
{
response.Headers.Add(AccessControlAllowHeaders, requestedHeaders);
}
response.Headers.Add(AccessControlAllowCredentials, "true");
var tcs = new TaskCompletionSource<HttpResponseMessage>();
tcs.SetResult(response);
return response;
}
var resp = await base.SendAsync(request, cancellationToken);
resp.Headers.Add(AccessControlAllowOrigin, request.Headers.GetValues(Origin).First());
resp.Headers.Add(AccessControlAllowHeaders, "*");
resp.Headers.Add(AccessControlAllowCredentials, "true");
return resp;
}
return await base.SendAsync(request, cancellationToken);
}
}
Request OPTIONS /api/campaigns/1002/customerusers/1008 HTTP/1.1
Accept */*
Origin http://app.dev.alanta.com
Access-Control-Request-Method DELETE
Access-Control-Request-Headers accept
Accept-Encoding gzip, deflate
User-Agent Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
Host dev.payboard.com
Content-Length 0
DNT 1
Connection Keep-Alive
Cache-Control no-cache
它被要求“获取”请求。但它没有接到任何需要飞行前批准的请求。请求如下所示:
/// <summary>
/// Taken from http://blogs.msdn.com/b/carlosfigueira/archive/2012/02/20/implementing-cors-support-in-asp-net-web-apis.aspx
/// </summary>
public class CorsHandler : DelegatingHandler
{
private const string Origin = "Origin";
private const string AccessControlRequestMethod = "Access-Control-Request-Method";
private const string AccessControlRequestHeaders = "Access-Control-Request-Headers";
private const string AccessControlAllowOrigin = "Access-Control-Allow-Origin";
private const string AccessControlAllowMethods = "Access-Control-Allow-Methods";
private const string AccessControlAllowHeaders = "Access-Control-Allow-Headers";
private const string AccessControlAllowCredentials = "Access-Control-Allow-Credentials";
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
var isCorsRequest = request.Headers.Contains(Origin);
var isPreflightRequest = request.Method == HttpMethod.Options;
if (isCorsRequest)
{
if (isPreflightRequest)
{
var response = new HttpResponseMessage(HttpStatusCode.OK);
response.Headers.Add(AccessControlAllowOrigin, request.Headers.GetValues(Origin).First());
var accessControlRequestMethod = request.Headers.GetValues(AccessControlRequestMethod).FirstOrDefault();
if (accessControlRequestMethod != null)
{
response.Headers.Add(AccessControlAllowMethods, accessControlRequestMethod);
}
var requestedHeaders = string.Join(", ", request.Headers.GetValues(AccessControlRequestHeaders));
if (!string.IsNullOrEmpty(requestedHeaders))
{
response.Headers.Add(AccessControlAllowHeaders, requestedHeaders);
}
response.Headers.Add(AccessControlAllowCredentials, "true");
var tcs = new TaskCompletionSource<HttpResponseMessage>();
tcs.SetResult(response);
return response;
}
var resp = await base.SendAsync(request, cancellationToken);
resp.Headers.Add(AccessControlAllowOrigin, request.Headers.GetValues(Origin).First());
resp.Headers.Add(AccessControlAllowHeaders, "*");
resp.Headers.Add(AccessControlAllowCredentials, "true");
return resp;
}
return await base.SendAsync(request, cancellationToken);
}
}
Request OPTIONS /api/campaigns/1002/customerusers/1008 HTTP/1.1
Accept */*
Origin http://app.dev.alanta.com
Access-Control-Request-Method DELETE
Access-Control-Request-Headers accept
Accept-Encoding gzip, deflate
User-Agent Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
Host dev.payboard.com
Content-Length 0
DNT 1
Connection Keep-Alive
Cache-Control no-cache
但正如我所说,处理程序从未被调用选项动词
我原以为可能有其他处理者在某处干预此事,但我已经排除了所有可能的候选人,到目前为止没有运气
我的另一个理论是,它没有识别选项动词的特定路径,因此它从不将请求传递给WebApi子系统,而是在其他地方处理。但我不完全清楚如何解决这个问题
建议?将以下内容添加到web.config:
<handlers>
<remove name="OPTIONSVerbHandler" />
</handlers>
CORS如何?我对此进行了研究,但(在我的简短探索中)我看到的主要问题是,我需要能够在运行时动态指定“访问控制允许源”,因为将其设置为“*”会阻止您使用“访问控制允许验证”头。也许它有办法做到这一点,但我没有发现。尝试将此添加到web.config:
就是这样!具体来说,OPTIONSVerbHandler。把它放在一个答案里,我就相信你了。谢谢<代码>返回响应代码>?IMHO应返回tcs.Task